php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53516 open_basedir BUG introduced in PHP 5.2.15
Submitted: 2010-12-10 11:28 UTC Modified: 2010-12-10 13:50 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:3 of 4 (75.0%)
Same Version:3 (100.0%)
Same OS:2 (66.7%)
From: ofi at evil dot net dot pl Assigned: iliaa (profile)
Status: Closed Package: Streams related
PHP Version: 5.2.15 OS: Linux 2.6.36.1
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ofi at evil dot net dot pl
New email:
PHP Version: OS:

 

 [2010-12-10 11:28 UTC] ofi at evil dot net dot pl 
Description:
------------
Just look at:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/main/fopen_wrappers.c?r1=303823&r2=306136

and

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=305507&r2=305698

'-1' is missing in 5_2 branch

Test script:
---------------
Not needed - just enable open_basedir.

Expected result:
----------------
Working php script.

Actual result:
--------------
Open_basedir restriction...

Patches

open_basedir-5.2.15-fix.patch (last revision 2010-12-10 10:44 UTC by ofi at evil dot net dot pl)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-12-10 13:50 UTC] iliaa@php.net 
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=306184
Log: Fixed bug #53516 (Regression in open_basedir handling).
 [2010-12-10 13:50 UTC] iliaa@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa
 [2010-12-10 13:50 UTC] iliaa@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2010-12-15 14:50 UTC] joho at boojam dot se 
Wouldn't this merit 5.2.16 considering it's "quite" fatal?
 [2011-03-02 12:59 UTC] webmaster at imposit dot com 
This seems not to be solved in 5.2.17 either
for example
open_basedir = /var/www

within /var/www/login.php  has
include ('step2.php');
/var/www/step2.php exist (same right as other files, readable...)
openbasedir restriction denies access to the file

you need to include('./step2.php')
to get it work


this is not possible, on my hosts running tousands of different php scripts
does work until and including version 5.2.14
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 12:01:29 2024 UTC